#!/bin/bash
# renew cert if required and copy to haproxy destination

{{ haproxy_ssl_letsencrypt_venv }}/bin/certbot renew \
    --standalone \
    --pre-hook "systemctl stop haproxy" \

cat /etc/letsencrypt/live/{{ external_lb_vip_address }}/{fullchain,privkey}.pem \
    > /etc/ssl/private/haproxy.pem

systemctl reload haproxy
